Google Cloud data security and governance

Google Cloud offers industry-leading tools and
technology to efficiently protect and govern your data throughout its lifecycle.
We work hard to protect the privacy of your data, meet global security standards that
support compliance, and provide tools to help with regulations such as GDPR, so you
can have the peace of mind that your data is protected.

Data is automatically encrypted while
in transit and
at rest, and can
only be accessed by the authorized roles and services with audited access to the
encryption keys. Within Google Cloud, data is also automatically replicated and encrypted
for backup and disaster recovery. When data is ready to be
deleted, it is first marked
as "scheduled for deletion," and then it is removed in accordance with
service-specific policies.

Efficiently manage data

Google Cloud provides industry-leading tools and technology to efficiently manage data
throughout its lifecycle. In order to properly govern your data, you need to know
where it is. Cloud Data Loss Prevention
automatically helps you discover, classify, and redact sensitive data like credit
card numbers and social security numbers in Google Cloud, within other clouds, or from your
on-premises environment, according to the data policies your organization has set
up. Data Catalog provides a fully
managed, metadata management service that empowers you to quickly discover,
manage, and understand your data.
Security Command Center
helps you discover assets across App Engine, Compute Engine, Cloud Storage, and
Cloud Datastore and view them in one place so you can better understand your risks
before they result in business damage or loss.
Identity and Access Management (IAM)
provides fine-grained access control and visibility as well as a unified view into
security policies across organizations so you can manage identity, access control,
and auditing across your organization. Monitor log data and events from Google Cloud and
AWS in real time using Cloud Logging
as well as within your Google Cloud projects using
Cloud Audit Logs.

Support compliance requirements

Our products regularly undergo independent
third-party verification of
security, privacy, and compliance controls. We're constantly working to meet the
regulatory requirements that matter to you, such as the Health Insurance
Portability and Accountability Act (HIPAA), FIPS 140.2, and the Sarbanes-Oxley Act
(SOX). To assist in your compliance with global regulations, such as the
General Data Protection Regulation
(GDPR), we share up-to-date information,
best practices,
and easy access to
documentation.

In addition, Google Cloud offers data privacy, data portability, and threat
protection products and features that can support your compliance efforts. These
can be leveraged to prevent abuse or unlawful access to your data and maintain the
ongoing confidentiality, integrity, and availability of your data, and satisfy
other requirements. For example, Cloud IAM
allows you to control access rights and roles for Google Cloud Platform resources,
while Cloud Identity-Aware Proxy (IAP)
verifies a user's identity for cloud applications running on GCP.

Creating trust through transparency

You own your data. We do not access your data for any reason other than those
necessary to fulfill our contractual obligations to you. With
Access Transparency, we
capture real-time logs of manual, targeted accesses by either support or
engineering, so you can have visibility into our actions. It also allows you to
perform regular audits of access by administrators as a check on the effectiveness
of our controls.

Our Google Cloud Trust Principles
summarize our commitment to protecting the privacy of your data, and if you choose
to stop using Google Cloud, you can take your data with you at any time. We know
how important it is to earn your trust, so we're working hard and investing
heavily to keep this commitment.

Google approaches security and compliance in a very comprehensive, principled way, which gives us a lot of confidence that we will be covered if we choose to expand our use of Google Cloud services beyond BigQuery.